Summary

  • 4 minutes

At the beginning of this module, you needed to block new deployments from untrusted registries to your Azure Kubernetes cluster, and present a report of the status of your cluster against that Policy.

In this module, you learned how Azure Policy for Kubernetes can be used to achieve this goal. You created an Azure Kubernetes Service (AKS) cluster with the Azure Policy add-on enabled. After that, you assigned a Policy to that cluster to prevent pulling from a nonauthorized container registry. You attempted to create a deployment that didn't comply with this new Policy and found out that it failed. You took steps to diagnose why the failure happened. You also assigned an initiative, which is a group of policies to the same cluster. Finally, you were able to show the compliance state of your cluster against these policies and took steps to bring it back to a compliant state for one of the policies.

Without this solution, your team would be wasting time by manually creating company policies, asking coworkers not to do certain things and potentially opening your clusters to security and operational issues. In the end, you saved the company thousands of dollars in time by automating that manual work using Azure policies for AKS.

Important

In the optional exercises for this module, you created resources by using your own Azure subscription. Clean up these resources so that you won't continue to be charged for them.

Clean up resources

In this module, you created resources by using your Azure subscription. The following steps show you how to clean up these resources so that there's no continued charge against your account.

  1. Go to the Azure portal.

    Azure portal

  2. In the left menu, select Resource groups.

  3. Select the resource group name starting with videogamerg or the resource group name you used.

  4. On the Overview tab, select Delete resource group.

  5. To confirm the deletion, enter the name of the resource group. To delete all the resources you created in this module, select Delete.

Clean up Policies

  1. Go to the Policy page in Azure portal.
  2. Select Assignments in the left blade
  3. Select the same scope you did before (your AKS cluster resource group) Screenshot showing Policy assignments to delete
  4. Select the Policy you assigned and select Delete assignment in the resulting page
  5. Select Yes when the verification comes up
  6. Repeat the same steps for the initiative you assigned

Learn more

To learn more about Azure Kubernetes Service and GitHub Actions, see the following articles and Microsoft Learn modules: